In the Claims:

Applicants have not amended the claims, but provide the present claim listing for the 
Examiner's convenience. 

1. (Previously Presented) A method for selectively allowing access to a plurality of
resources in a network, the method comprising: 

receiving a request originated from a user of a multi-user system to transmit a message 
via the multi-user system over the network to one of the plurality of resources, wherein each of 
the plurality of resources has been assigned to one of a plurality of security zones based on a 
level of security sensitivity of the resource; 

identifying a one of the plurality of security zones that is associated with the one of the 
plurality of resources; 

determining if the user of the multi-user system is authorized access to the identified one
of the plurality of security zones; and 

forwarding the message from the multi-user system over the network only if it is 
determined that the user is authorized access to the identified one of the plurality of security 
zones. 

2. (Previously Presented) The method of Claim 1, wherein the multi-user system
comprises a mainframe computer, and wherein the request is originated on a workstation of the 
mainframe computer. 

3. (Previously Presented) The method of Claim 2, wherein the mainframe computer 
receives the request originated from the user, identifies the one of the plurality of security zones 
associated with the one of the plurality of resources, and determines if the user is authorized 
access to the one of the plurality of resources. 

4. (Previously Presented) The method of Claim 3, wherein the step of identifying the one 
of the plurality of security zones associated with the one of the plurality of resources comprises
accessing a data structure that specifies the security zone associated with each resource in the 
plurality of resources. 

5. (Previously Presented) The method of Claim 4, wherein at least one entry in the data 
structure specifies the security zone associated with a group of the resources in the plurality of 
resources, and wherein identifying the one of the plurality of security zones associated with the 
one of the plurality of resources comprises identifying the security zone associated with the most 
specific entry in the data structure that includes the resource. 

6. (Original) The method of Claim 1, wherein the identifying and determining steps are 
performed within the multi-user system. 

7. (Previously Presented) The method of Claim 1, wherein the message forwarded over 
the network includes a first user identification associated with the multi-user system but does not 
include a second user identification associated with the user of the multi-user system. 

8. (Previously Presented) The method of Claim 1, wherein the identifying and
determining steps are performed before any data packets associated with the message are 
forwarded over the network. 

9. (Original) The method of Claim 1, wherein the network is an internet protocol 
network. 

10-13. (Cancelled) 

14. (Previously Presented) A system for selectively allowing access to a plurality of 
resources in a network, comprising: 

means for receiving a request originated from a user of a multi-user system to transmit a 
message via the multi-user system over the network to one of the plurality of resources, wherein
each of the plurality of resources has been assigned to one of a plurality of security zones based 
on a level of security sensitivity of the resource; 

means for identifying a one of the plurality of security zones that is associated with the 
one of the plurality of resources; 

means for determining if the user of the multi-user system is authorized access to the 
identified one of the plurality of security zones; and 

means for forwarding the message from the multi-user system over the network only if it 
is determined that the user is authorized access to the identified one of the plurality of security 
zones. 

15. (Original) The system of Claim 14, further comprising means for associating a 
security zone with each of the plurality of resources. 

16. (Previously Presented) The system of Claim 15, further comprising means for 
specifying in advance of receiving the request the security zones to which users of the multi-user 
system are authorized access. 

17. (Previously Presented) The system of Claim 14, wherein the means for identifying 
the one of the plurality of security zones associated with the one of the plurality of resources 
comprise means for accessing a data structure that specifies the security zone associated with 
each resource in the plurality of resources. 

18. (Previously Presented) The system of Claim 17, wherein at least one entry in the data 
structure specifies the security zone associated with a group of the resources in the plurality of 
resources, and wherein the means for identifying the one of the plurality of security zones 
associated with the one of the plurality of resources comprises means for identifying the security 
zone associated with the most specific entry in the data structure that includes the resource. 

19. (Previously Presented) A computer program product for selectively allowing access
to a plurality of resources in a network, comprising: 

a computer-readable storage medium having computer-readable program code embodied 
in said medium, said computer-readable program code comprising: 

computer program product means for receiving a request originated from a user of a 
multi-user system to transmit a message via the multi-user system over the network to one of the 
plurality of resources, wherein each of the plurality of resources has been assigned to one of a 
plurality of security zones based on a level of security sensitivity of the resource; 

computer program product means for identifying a one of the plurality of security zones 
that is associated with the one of the plurality of resources; 

computer program product means for determining if the user of the multi-user system is 
authorized access to the identified one of the plurality of security zones; and 

computer program product means for forwarding the message from the multi-user system 
over the network only if it is determined that the user is authorized access to the identified one of 
the plurality of security zones. 

20. (Original) The computer program product of Claim 19, further comprising computer 
program product means for associating a security zone with each of the plurality of resources. 

21. (Previously Presented) The computer program product of Claim 20, further
comprising computer program product means for specifying in advance of receiving the request 
the security zones to which users of the multi-user system are authorized access. 

22. (Previously Presented) The computer program product of Claim 19, wherein the
computer program product means for identifying the one of the plurality of security zones 
associated with the one of the plurality of resources comprise computer program product means 
for accessing a data structure that specifies the security zone associated with each resource in the 
plurality of resources. 

23. (Previously Presented) The computer program product of Claim 22, wherein at least
one entry in the data structure specifies the security zone associated with a group of the resources 
in the plurality of resources, and wherein the computer program product means for identifying 
the one of the plurality of security zones associated with the one of the plurality of resources 
comprises computer program product means for identifying the security zone associated with the 
most specific entry in the data structure that includes the resource. 

24. (Original) A method for selectively allowing a user of a multi-user system access to 
a plurality of resources in a network, the method comprising: 

receiving a message over the network from one of the plurality of resources that is 
addressed to a process running on the multi-user system that is associated with the user; 

identifying, from a plurality of security zones, a security zone associated with the one of 
the plurality of resources; 

determining if the user is authorized access to the identified security zone; and 

forwarding the message to the process only if it is determined that the user is authorized 
access to the identified security zone. 

25. (Previously Presented) A data processing system for selectively allowing access to a 
plurality of resources in a network, comprising: 

a data processing device, the data processing device connected to a first network that 
includes a plurality of networked resources; 

a plurality of workstations that are configured to execute applications on the data 
processing device; 

a first data structure that specifies at least one security zone from a plurality of security 
zones that is associated with each of the plurality of networked resources, wherein each of the 
plurality of security zones represents a distinct level of security sensitivity; and

a second data structure that specifies the respective security zones to which a plurality
of users of the data processing device may have access.

In re: Bruton et al
Serial No. 09/773,811
Filed: January 31, 2001

26. (Previously Presented) The data processing system of Claim 25, wherein the first 
data structure comprises a mapping table that identifies the respective one of the plurality of 
security zones associated with each of the plurality of networked resources, wherein at least some 
of the entries in the mapping table are associated with multiple of the plurality of networked 
resources. 

27. (Previously Presented) The data processing system of Claim 26, wherein entries in 
the mapping table include wildcard characters to specify multiple of the plurality of networked 
resources with a single entry in the mapping table. 

28. (Previously Presented) The method of Claim 24, wherein the multi-user system 
identifies the security zone associated with the one of the plurality of resources and determines if 
the user is authorized access to the identified security zone. 
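
The zone check recited in Claims 1, 5, 7, 24, 26 and 27, as an added illustration that is not part of the application or of any implementation by the Applicants. It assumes IPv4 resources, mapping-table entries written as dotted patterns with "*" wildcard octets, "most specific" meaning the most literal octets, and denial when no entry matches; every address, zone name and identifier below is constructed.

```python
import ipaddress

# First data structure (Claims 4, 26, 27): resource pattern -> security zone.
# Constructed entries; wildcards are kept trailing so specificity is unambiguous.
ZONE_TABLE = {
    "*.*.*.*": "public",
    "10.*.*.*": "internal",
    "10.20.*.*": "restricted",
    "10.20.30.40": "secret",
}
# Second data structure (Claim 25): user -> zones that user may reach.
USER_ZONES = {"alice": {"public", "internal", "restricted"}, "bob": {"public"}}
SYSTEM_ID = "MAINFRAME1"  # hypothetical identity of the multi-user system


def _score(pattern, addr):
    """Count literal octets matched by pattern, or -1 when it does not match."""
    score = 0
    for p, a in zip(pattern.split("."), addr.split(".")):
        if p == "*":
            continue
        if p != a:
            return -1
        score += 1
    return score


def zone_for(addr, table=ZONE_TABLE):
    """Zone of the most specific table entry covering addr (Claim 5), else None."""
    try:
        addr = str(ipaddress.IPv4Address(addr))  # reject malformed addresses
    except ValueError:
        return None
    scored = [(_score(pat, addr), zone) for pat, zone in table.items()]
    best = max(scored, default=(-1, None))
    return best[1] if best[0] >= 0 else None


def authorized(user, addr):
    zone = zone_for(addr)
    return zone is not None and zone in USER_ZONES.get(user, set())


def send(user, dest, payload):
    """Outbound path (Claims 1, 8): decide before anything leaves the system."""
    if not authorized(user, dest):
        return None
    # Claim 7: the message carries the system's identity, not the user's.
    return {"src_id": SYSTEM_ID, "dst": dest, "payload": payload}


def deliver(user, source, payload):
    """Inbound path (Claim 24): hand the message to the user's process or drop it."""
    return payload if authorized(user, source) else None
```

Because the forwarded message carries only the system's identity, a downstream resource cannot tell users apart, so the per-user decision has to be enforced and logged inside the multi-user system itself.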



